Skip to content

Instantly share code, notes, and snippets.

@arantius arantius/index.php
Created Feb 3, 2016

Embed
What would you like to do?
Test script for online edit of `.user.js` files.
<?
////////////////////////////////////////////////////////////
// This proof of concept script is FULL OF SECURITY ISSUES.
// Don't use it, don't install it, don't expose it anywhere.
////////////////////////////////////////////////////////////
// Context: https://github.com/greasemonkey/greasemonkey/issues/2280
////////////////////////////////////////////////////////////
if (isset($_POST['file'])) {
$fp = fopen($_GET['file'], 'wb');
fwrite($fp, $_POST['content']);
fclose($fp);
header('Location: ' . $_SERVER['SCRIPT_NAME']);
exit;
} else if (isset($_GET['mode']) && 'install' == $_GET['mode']) {
$fp = fopen($_GET['file'], 'rb');
header('Content-type: text/plain');
header('Content-length: ' . filesize($_GET['file']));
fpassthru($fp);
exit;
}
header('Content-type: text/html');
?>
<!DOCTYPE html>
<html>
<head>
<title>Script Editor</title>
</head>
<body>
<?
if (isset($_GET['file'])) {
print "<form method='post' action='?save&file={$_GET['file']}'>";
print "<input type='hidden' name='file' value='{$_GET['file']}'>";
print "<textarea rows=20 cols=80 name='content'>";
$fp = fopen($_GET['file'], 'rb');
print htmlspecialchars(fread($fp, filesize($_GET['file'])), ENT_QUOTES);
print "</textarea><br>";
print "<input type='submit' value='Save'>";
print "</form>";
print "<hr>";
print "<a href='?file={$_GET['file']}'>Edit</a> ";
print "<a href='?mode=install&file={$_GET['file']}'>Install</a> ";
} else {
print '<ul>';
foreach (glob('*.user.js') as $filename) {
print "<li>$filename ";
print "<a href='?file=$filename'>Edit</a> ";
print "<a href='?mode=install&file=$filename'>Install</a> ";
print "</li>";
}
print "<li><form>New file: <input type='text' name='file'><input type='submit'></form</li>";
print "</ul>";
}
?>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.